Proposal for Combinatorial Optimization Technology in Consideration of the Dynamic Characteristic of IT Risks

Abstract

Society's increasing dependence on IT systems brings with it an increase in the need for risk-evaluation methods that contain the optimal combination of measures to be taken. In order to address this issue, we developed the multiple risk communicator (MRC), which aids in the reaching of a consensus with respect to the optimal combination of risk-avoidance measures while performing risk communication under the threat of multiple risks between stakeholders in the planning phase. However, each individual risk changes depending on the situation with the passage of time. For example, a measure to decrease a risk might increase other risks as a result of a reaction against the measure in the operational phase because the psychological states of the persons subject to the measure might influence the probability of the occurrence of fraud in internal injustice, such as unjust carrying out of the information. Therefore, any dynamic change to a risk ought to be dealt with in the operational phase. To deal with this issue, we propose a method to support the reaching of a consensus on the optimal combination of measures in an environment in which risks change dynamically in the Observe, Orient, Decide, and Act loop based on the conventional MRC. This paper describes a proposed method named Extended MRC and its experimental application to a small example dealing with internal injustice.